sendmail: fix for long headers (by Vladimir)

Signed-off-by: Vladimir Dronnikov <dronnikov@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Vladimir Dronnikov <dronnikov@gmail.com> 2009-10-17 03:35:10 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2009-10-17 03:35:10 +0200
commit: 8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf (patch)
tree: d2ad1921ed22f43fd6a00359aba53a5200cbd81f /mailutils/sendmail.c
parent: 2ace0ad2d7ee52e44dc98feb77bedf5e866e8f11 (diff)
download: busybox-w32-8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf.tar.gz
busybox-w32-8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf.tar.bz2
busybox-w32-8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c
index a216d66c1..2f99df6c0 100644
--- a/mailutils/sendmail.c
+++ b/mailutils/sendmail.c
@@ -229,10 +229,15 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv)
                        rcptto(sane_address(s+5));
                        free(s);
                        // N.B. Bcc: vanishes from headers!
                // other headers go verbatim
-                // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
-                } else if (strchr(s, ':')) {
+                // N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
+                // Continuation is denoted by prefixing additional lines with whitespace(s).
+                // Thanks (stefan.seyfried at googlemail.com) for pointing this out.
+                } else if (strchr(s, ':') || (list && skip_whitespace(s) != s)) {
 addheader:
+                        // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
                        if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
                                goto bail;
                        llist_add_to_end(&list, s);
author	Vladimir Dronnikov <dronnikov@gmail.com>	2009-10-17 03:35:10 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2009-10-17 03:35:10 +0200
commit	8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf (patch)
tree	d2ad1921ed22f43fd6a00359aba53a5200cbd81f /mailutils/sendmail.c
parent	2ace0ad2d7ee52e44dc98feb77bedf5e866e8f11 (diff)
download	busybox-w32-8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf.tar.gz busybox-w32-8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf.tar.bz2 busybox-w32-8dbe9bba8ef8f12b0ce90042a5b6a1e20fe781bf.zip

diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c index a216d66c1..2f99df6c0 100644 --- a/mailutils/sendmail.c +++ b/mailutils/sendmail.c
@@ -229,10 +229,15 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv)
229	rcptto(sane_address(s+5));	229	rcptto(sane_address(s+5));
230	free(s);	230	free(s);
231	// N.B. Bcc: vanishes from headers!	231	// N.B. Bcc: vanishes from headers!
		232
232	// other headers go verbatim	233	// other headers go verbatim
233	// N.B. we allow MAX_HEADERS generic headers at most to prevent attacks	234
234	} else if (strchr(s, ':')) {	235	// N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
		236	// Continuation is denoted by prefixing additional lines with whitespace(s).
		237	// Thanks (stefan.seyfried at googlemail.com) for pointing this out.
		238	} else if (strchr(s, ':') \|\| (list && skip_whitespace(s) != s)) {
235	addheader:	239	addheader:
		240	// N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
236	if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)	241	if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
237	goto bail;	242	goto bail;
238	llist_add_to_end(&list, s);	243	llist_add_to_end(&list, s);